[ubuntu-hardened] [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

=?utf-8?Q?V=E1clav_Ovs=EDk?= vaclav.ovsik at i.cz
Mon Sep 8 07:25:58 BST 2008

On Sat, Sep 06, 2008 at 10:57:26PM -0400, Hong wrote:
> Thanks for your reply, Justin.
> I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
> reboot the system.
> After reboot, I checked `getenforce` and it returned `permissive`.
> But still I cannot ssh to the machine remotely...
> After each try with a correct password, /var/log/message doesn't grow but
> /var/log/audit/audit.log grows with one line.
> If I tried with an incorrect password, neither of the two log files changed.

Did you relabel file-system?
If you have some SE Linux problem (denials), sshd may fail even in
permissive mode, because it is SE Linux aware application and it can
choose different code flow with SE Linux enabled. Running the system in
permissive mode is not the same as running the system with SE Linux
switched off. I observed this sshd problem too.

More information about the ubuntu-hardened mailing list